1#include "builtin.h"
2#include "repository.h"
3#include "config.h"
4#include "lockfile.h"
5#include "pack.h"
6#include "refs.h"
7#include "pkt-line.h"
8#include "sideband.h"
9#include "run-command.h"
10#include "exec-cmd.h"
11#include "commit.h"
12#include "object.h"
13#include "remote.h"
14#include "connect.h"
15#include "transport.h"
16#include "string-list.h"
17#include "sha1-array.h"
18#include "connected.h"
19#include "argv-array.h"
20#include "version.h"
21#include "tag.h"
22#include "gpg-interface.h"
23#include "sigchain.h"
24#include "fsck.h"
25#include "tmp-objdir.h"
26#include "oidset.h"
27#include "packfile.h"
28#include "protocol.h"
29
30static const char * const receive_pack_usage[] = {
31 N_("git receive-pack <git-dir>"),
32 NULL
33};
34
35enum deny_action {
36 DENY_UNCONFIGURED,
37 DENY_IGNORE,
38 DENY_WARN,
39 DENY_REFUSE,
40 DENY_UPDATE_INSTEAD
41};
42
43static int deny_deletes;
44static int deny_non_fast_forwards;
45static enum deny_action deny_current_branch = DENY_UNCONFIGURED;
46static enum deny_action deny_delete_current = DENY_UNCONFIGURED;
47static int receive_fsck_objects = -1;
48static int transfer_fsck_objects = -1;
49static struct strbuf fsck_msg_types = STRBUF_INIT;
50static int receive_unpack_limit = -1;
51static int transfer_unpack_limit = -1;
52static int advertise_atomic_push = 1;
53static int advertise_push_options;
54static int unpack_limit = 100;
55static off_t max_input_size;
56static int report_status;
57static int use_sideband;
58static int use_atomic;
59static int use_push_options;
60static int quiet;
61static int prefer_ofs_delta = 1;
62static int auto_update_server_info;
63static int auto_gc = 1;
64static int reject_thin;
65static int stateless_rpc;
66static const char *service_dir;
67static const char *head_name;
68static void *head_name_to_free;
69static int sent_capabilities;
70static int shallow_update;
71static const char *alt_shallow_file;
72static struct strbuf push_cert = STRBUF_INIT;
73static struct object_id push_cert_oid;
74static struct signature_check sigcheck;
75static const char *push_cert_nonce;
76static const char *cert_nonce_seed;
77
78static const char *NONCE_UNSOLICITED = "UNSOLICITED";
79static const char *NONCE_BAD = "BAD";
80static const char *NONCE_MISSING = "MISSING";
81static const char *NONCE_OK = "OK";
82static const char *NONCE_SLOP = "SLOP";
83static const char *nonce_status;
84static long nonce_stamp_slop;
85static timestamp_t nonce_stamp_slop_limit;
86static struct ref_transaction *transaction;
87
88static enum {
89 KEEPALIVE_NEVER = 0,
90 KEEPALIVE_AFTER_NUL,
91 KEEPALIVE_ALWAYS
92} use_keepalive;
93static int keepalive_in_sec = 5;
94
95static struct tmp_objdir *tmp_objdir;
96
97static enum deny_action parse_deny_action(const char *var, const char *value)
98{
99 if (value) {
100 if (!strcasecmp(value, "ignore"))
101 return DENY_IGNORE;
102 if (!strcasecmp(value, "warn"))
103 return DENY_WARN;
104 if (!strcasecmp(value, "refuse"))
105 return DENY_REFUSE;
106 if (!strcasecmp(value, "updateinstead"))
107 return DENY_UPDATE_INSTEAD;
108 }
109 if (git_config_bool(var, value))
110 return DENY_REFUSE;
111 return DENY_IGNORE;
112}
113
114static int receive_pack_config(const char *var, const char *value, void *cb)
115{
116 int status = parse_hide_refs_config(var, value, "receive");
117
118 if (status)
119 return status;
120
121 if (strcmp(var, "receive.denydeletes") == 0) {
122 deny_deletes = git_config_bool(var, value);
123 return 0;
124 }
125
126 if (strcmp(var, "receive.denynonfastforwards") == 0) {
127 deny_non_fast_forwards = git_config_bool(var, value);
128 return 0;
129 }
130
131 if (strcmp(var, "receive.unpacklimit") == 0) {
132 receive_unpack_limit = git_config_int(var, value);
133 return 0;
134 }
135
136 if (strcmp(var, "transfer.unpacklimit") == 0) {
137 transfer_unpack_limit = git_config_int(var, value);
138 return 0;
139 }
140
141 if (strcmp(var, "receive.fsck.skiplist") == 0) {
142 const char *path;
143
144 if (git_config_pathname(&path, var, value))
145 return 1;
146 strbuf_addf(&fsck_msg_types, "%cskiplist=%s",
147 fsck_msg_types.len ? ',' : '=', path);
148 free((char *)path);
149 return 0;
150 }
151
152 if (skip_prefix(var, "receive.fsck.", &var)) {
153 if (is_valid_msg_type(var, value))
154 strbuf_addf(&fsck_msg_types, "%c%s=%s",
155 fsck_msg_types.len ? ',' : '=', var, value);
156 else
157 warning("Skipping unknown msg id '%s'", var);
158 return 0;
159 }
160
161 if (strcmp(var, "receive.fsckobjects") == 0) {
162 receive_fsck_objects = git_config_bool(var, value);
163 return 0;
164 }
165
166 if (strcmp(var, "transfer.fsckobjects") == 0) {
167 transfer_fsck_objects = git_config_bool(var, value);
168 return 0;
169 }
170
171 if (!strcmp(var, "receive.denycurrentbranch")) {
172 deny_current_branch = parse_deny_action(var, value);
173 return 0;
174 }
175
176 if (strcmp(var, "receive.denydeletecurrent") == 0) {
177 deny_delete_current = parse_deny_action(var, value);
178 return 0;
179 }
180
181 if (strcmp(var, "repack.usedeltabaseoffset") == 0) {
182 prefer_ofs_delta = git_config_bool(var, value);
183 return 0;
184 }
185
186 if (strcmp(var, "receive.updateserverinfo") == 0) {
187 auto_update_server_info = git_config_bool(var, value);
188 return 0;
189 }
190
191 if (strcmp(var, "receive.autogc") == 0) {
192 auto_gc = git_config_bool(var, value);
193 return 0;
194 }
195
196 if (strcmp(var, "receive.shallowupdate") == 0) {
197 shallow_update = git_config_bool(var, value);
198 return 0;
199 }
200
201 if (strcmp(var, "receive.certnonceseed") == 0)
202 return git_config_string(&cert_nonce_seed, var, value);
203
204 if (strcmp(var, "receive.certnonceslop") == 0) {
205 nonce_stamp_slop_limit = git_config_ulong(var, value);
206 return 0;
207 }
208
209 if (strcmp(var, "receive.advertiseatomic") == 0) {
210 advertise_atomic_push = git_config_bool(var, value);
211 return 0;
212 }
213
214 if (strcmp(var, "receive.advertisepushoptions") == 0) {
215 advertise_push_options = git_config_bool(var, value);
216 return 0;
217 }
218
219 if (strcmp(var, "receive.keepalive") == 0) {
220 keepalive_in_sec = git_config_int(var, value);
221 return 0;
222 }
223
224 if (strcmp(var, "receive.maxinputsize") == 0) {
225 max_input_size = git_config_int64(var, value);
226 return 0;
227 }
228
229 return git_default_config(var, value, cb);
230}
231
232static void show_ref(const char *path, const struct object_id *oid)
233{
234 if (sent_capabilities) {
235 packet_write_fmt(1, "%s %s\n", oid_to_hex(oid), path);
236 } else {
237 struct strbuf cap = STRBUF_INIT;
238
239 strbuf_addstr(&cap,
240 "report-status delete-refs side-band-64k quiet");
241 if (advertise_atomic_push)
242 strbuf_addstr(&cap, " atomic");
243 if (prefer_ofs_delta)
244 strbuf_addstr(&cap, " ofs-delta");
245 if (push_cert_nonce)
246 strbuf_addf(&cap, " push-cert=%s", push_cert_nonce);
247 if (advertise_push_options)
248 strbuf_addstr(&cap, " push-options");
249 strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized());
250 packet_write_fmt(1, "%s %s%c%s\n",
251 oid_to_hex(oid), path, 0, cap.buf);
252 strbuf_release(&cap);
253 sent_capabilities = 1;
254 }
255}
256
257static int show_ref_cb(const char *path_full, const struct object_id *oid,
258 int flag, void *data)
259{
260 struct oidset *seen = data;
261 const char *path = strip_namespace(path_full);
262
263 if (ref_is_hidden(path, path_full))
264 return 0;
265
266 /*
267 * Advertise refs outside our current namespace as ".have"
268 * refs, so that the client can use them to minimize data
269 * transfer but will otherwise ignore them.
270 */
271 if (!path) {
272 if (oidset_insert(seen, oid))
273 return 0;
274 path = ".have";
275 } else {
276 oidset_insert(seen, oid);
277 }
278 show_ref(path, oid);
279 return 0;
280}
281
282static void show_one_alternate_ref(const char *refname,
283 const struct object_id *oid,
284 void *data)
285{
286 struct oidset *seen = data;
287
288 if (oidset_insert(seen, oid))
289 return;
290
291 show_ref(".have", oid);
292}
293
294static void write_head_info(void)
295{
296 static struct oidset seen = OIDSET_INIT;
297
298 for_each_ref(show_ref_cb, &seen);
299 for_each_alternate_ref(show_one_alternate_ref, &seen);
300 oidset_clear(&seen);
301 if (!sent_capabilities)
302 show_ref("capabilities^{}", &null_oid);
303
304 advertise_shallow_grafts(1);
305
306 /* EOF */
307 packet_flush(1);
308}
309
310struct command {
311 struct command *next;
312 const char *error_string;
313 unsigned int skip_update:1,
314 did_not_exist:1;
315 int index;
316 struct object_id old_oid;
317 struct object_id new_oid;
318 char ref_name[FLEX_ARRAY]; /* more */
319};
320
321static void rp_error(const char *err, ...) __attribute__((format (printf, 1, 2)));
322static void rp_warning(const char *err, ...) __attribute__((format (printf, 1, 2)));
323
324static void report_message(const char *prefix, const char *err, va_list params)
325{
326 int sz;
327 char msg[4096];
328
329 sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
330 sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
331 if (sz > (sizeof(msg) - 1))
332 sz = sizeof(msg) - 1;
333 msg[sz++] = '\n';
334
335 if (use_sideband)
336 send_sideband(1, 2, msg, sz, use_sideband);
337 else
338 xwrite(2, msg, sz);
339}
340
341static void rp_warning(const char *err, ...)
342{
343 va_list params;
344 va_start(params, err);
345 report_message("warning: ", err, params);
346 va_end(params);
347}
348
349static void rp_error(const char *err, ...)
350{
351 va_list params;
352 va_start(params, err);
353 report_message("error: ", err, params);
354 va_end(params);
355}
356
357static int copy_to_sideband(int in, int out, void *arg)
358{
359 char data[128];
360 int keepalive_active = 0;
361
362 if (keepalive_in_sec <= 0)
363 use_keepalive = KEEPALIVE_NEVER;
364 if (use_keepalive == KEEPALIVE_ALWAYS)
365 keepalive_active = 1;
366
367 while (1) {
368 ssize_t sz;
369
370 if (keepalive_active) {
371 struct pollfd pfd;
372 int ret;
373
374 pfd.fd = in;
375 pfd.events = POLLIN;
376 ret = poll(&pfd, 1, 1000 * keepalive_in_sec);
377
378 if (ret < 0) {
379 if (errno == EINTR)
380 continue;
381 else
382 break;
383 } else if (ret == 0) {
384 /* no data; send a keepalive packet */
385 static const char buf[] = "0005\1";
386 write_or_die(1, buf, sizeof(buf) - 1);
387 continue;
388 } /* else there is actual data to read */
389 }
390
391 sz = xread(in, data, sizeof(data));
392 if (sz <= 0)
393 break;
394
395 if (use_keepalive == KEEPALIVE_AFTER_NUL && !keepalive_active) {
396 const char *p = memchr(data, '\0', sz);
397 if (p) {
398 /*
399 * The NUL tells us to start sending keepalives. Make
400 * sure we send any other data we read along
401 * with it.
402 */
403 keepalive_active = 1;
404 send_sideband(1, 2, data, p - data, use_sideband);
405 send_sideband(1, 2, p + 1, sz - (p - data + 1), use_sideband);
406 continue;
407 }
408 }
409
410 /*
411 * Either we're not looking for a NUL signal, or we didn't see
412 * it yet; just pass along the data.
413 */
414 send_sideband(1, 2, data, sz, use_sideband);
415 }
416 close(in);
417 return 0;
418}
419
420#define HMAC_BLOCK_SIZE 64
421
422static void hmac_sha1(unsigned char *out,
423 const char *key_in, size_t key_len,
424 const char *text, size_t text_len)
425{
426 unsigned char key[HMAC_BLOCK_SIZE];
427 unsigned char k_ipad[HMAC_BLOCK_SIZE];
428 unsigned char k_opad[HMAC_BLOCK_SIZE];
429 int i;
430 git_SHA_CTX ctx;
431
432 /* RFC 2104 2. (1) */
433 memset(key, '\0', HMAC_BLOCK_SIZE);
434 if (HMAC_BLOCK_SIZE < key_len) {
435 git_SHA1_Init(&ctx);
436 git_SHA1_Update(&ctx, key_in, key_len);
437 git_SHA1_Final(key, &ctx);
438 } else {
439 memcpy(key, key_in, key_len);
440 }
441
442 /* RFC 2104 2. (2) & (5) */
443 for (i = 0; i < sizeof(key); i++) {
444 k_ipad[i] = key[i] ^ 0x36;
445 k_opad[i] = key[i] ^ 0x5c;
446 }
447
448 /* RFC 2104 2. (3) & (4) */
449 git_SHA1_Init(&ctx);
450 git_SHA1_Update(&ctx, k_ipad, sizeof(k_ipad));
451 git_SHA1_Update(&ctx, text, text_len);
452 git_SHA1_Final(out, &ctx);
453
454 /* RFC 2104 2. (6) & (7) */
455 git_SHA1_Init(&ctx);
456 git_SHA1_Update(&ctx, k_opad, sizeof(k_opad));
457 git_SHA1_Update(&ctx, out, 20);
458 git_SHA1_Final(out, &ctx);
459}
460
461static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
462{
463 struct strbuf buf = STRBUF_INIT;
464 unsigned char sha1[20];
465
466 strbuf_addf(&buf, "%s:%"PRItime, path, stamp);
467 hmac_sha1(sha1, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed));;
468 strbuf_release(&buf);
469
470 /* RFC 2104 5. HMAC-SHA1-80 */
471 strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, 20, sha1_to_hex(sha1));
472 return strbuf_detach(&buf, NULL);
473}
474
475/*
476 * NEEDSWORK: reuse find_commit_header() from jk/commit-author-parsing
477 * after dropping "_commit" from its name and possibly moving it out
478 * of commit.c
479 */
480static char *find_header(const char *msg, size_t len, const char *key,
481 const char **next_line)
482{
483 int key_len = strlen(key);
484 const char *line = msg;
485
486 while (line && line < msg + len) {
487 const char *eol = strchrnul(line, '\n');
488
489 if ((msg + len <= eol) || line == eol)
490 return NULL;
491 if (line + key_len < eol &&
492 !memcmp(line, key, key_len) && line[key_len] == ' ') {
493 int offset = key_len + 1;
494 if (next_line)
495 *next_line = *eol ? eol + 1 : eol;
496 return xmemdupz(line + offset, (eol - line) - offset);
497 }
498 line = *eol ? eol + 1 : NULL;
499 }
500 return NULL;
501}
502
503static const char *check_nonce(const char *buf, size_t len)
504{
505 char *nonce = find_header(buf, len, "nonce", NULL);
506 timestamp_t stamp, ostamp;
507 char *bohmac, *expect = NULL;
508 const char *retval = NONCE_BAD;
509
510 if (!nonce) {
511 retval = NONCE_MISSING;
512 goto leave;
513 } else if (!push_cert_nonce) {
514 retval = NONCE_UNSOLICITED;
515 goto leave;
516 } else if (!strcmp(push_cert_nonce, nonce)) {
517 retval = NONCE_OK;
518 goto leave;
519 }
520
521 if (!stateless_rpc) {
522 /* returned nonce MUST match what we gave out earlier */
523 retval = NONCE_BAD;
524 goto leave;
525 }
526
527 /*
528 * In stateless mode, we may be receiving a nonce issued by
529 * another instance of the server that serving the same
530 * repository, and the timestamps may not match, but the
531 * nonce-seed and dir should match, so we can recompute and
532 * report the time slop.
533 *
534 * In addition, when a nonce issued by another instance has
535 * timestamp within receive.certnonceslop seconds, we pretend
536 * as if we issued that nonce when reporting to the hook.
537 */
538
539 /* nonce is concat(<seconds-since-epoch>, "-", <hmac>) */
540 if (*nonce <= '0' || '9' < *nonce) {
541 retval = NONCE_BAD;
542 goto leave;
543 }
544 stamp = parse_timestamp(nonce, &bohmac, 10);
545 if (bohmac == nonce || bohmac[0] != '-') {
546 retval = NONCE_BAD;
547 goto leave;
548 }
549
550 expect = prepare_push_cert_nonce(service_dir, stamp);
551 if (strcmp(expect, nonce)) {
552 /* Not what we would have signed earlier */
553 retval = NONCE_BAD;
554 goto leave;
555 }
556
557 /*
558 * By how many seconds is this nonce stale? Negative value
559 * would mean it was issued by another server with its clock
560 * skewed in the future.
561 */
562 ostamp = parse_timestamp(push_cert_nonce, NULL, 10);
563 nonce_stamp_slop = (long)ostamp - (long)stamp;
564
565 if (nonce_stamp_slop_limit &&
566 labs(nonce_stamp_slop) <= nonce_stamp_slop_limit) {
567 /*
568 * Pretend as if the received nonce (which passes the
569 * HMAC check, so it is not a forged by third-party)
570 * is what we issued.
571 */
572 free((void *)push_cert_nonce);
573 push_cert_nonce = xstrdup(nonce);
574 retval = NONCE_OK;
575 } else {
576 retval = NONCE_SLOP;
577 }
578
579leave:
580 free(nonce);
581 free(expect);
582 return retval;
583}
584
585/*
586 * Return 1 if there is no push_cert or if the push options in push_cert are
587 * the same as those in the argument; 0 otherwise.
588 */
589static int check_cert_push_options(const struct string_list *push_options)
590{
591 const char *buf = push_cert.buf;
592 int len = push_cert.len;
593
594 char *option;
595 const char *next_line;
596 int options_seen = 0;
597
598 int retval = 1;
599
600 if (!len)
601 return 1;
602
603 while ((option = find_header(buf, len, "push-option", &next_line))) {
604 len -= (next_line - buf);
605 buf = next_line;
606 options_seen++;
607 if (options_seen > push_options->nr
608 || strcmp(option,
609 push_options->items[options_seen - 1].string)) {
610 retval = 0;
611 goto leave;
612 }
613 free(option);
614 }
615
616 if (options_seen != push_options->nr)
617 retval = 0;
618
619leave:
620 free(option);
621 return retval;
622}
623
624static void prepare_push_cert_sha1(struct child_process *proc)
625{
626 static int already_done;
627
628 if (!push_cert.len)
629 return;
630
631 if (!already_done) {
632 struct strbuf gpg_output = STRBUF_INIT;
633 struct strbuf gpg_status = STRBUF_INIT;
634 int bogs /* beginning_of_gpg_sig */;
635
636 already_done = 1;
637 if (write_object_file(push_cert.buf, push_cert.len, "blob",
638 &push_cert_oid))
639 oidclr(&push_cert_oid);
640
641 memset(&sigcheck, '\0', sizeof(sigcheck));
642 sigcheck.result = 'N';
643
644 bogs = parse_signature(push_cert.buf, push_cert.len);
645 if (verify_signed_buffer(push_cert.buf, bogs,
646 push_cert.buf + bogs, push_cert.len - bogs,
647 &gpg_output, &gpg_status) < 0) {
648 ; /* error running gpg */
649 } else {
650 sigcheck.payload = push_cert.buf;
651 sigcheck.gpg_output = gpg_output.buf;
652 sigcheck.gpg_status = gpg_status.buf;
653 parse_gpg_output(&sigcheck);
654 }
655
656 strbuf_release(&gpg_output);
657 strbuf_release(&gpg_status);
658 nonce_status = check_nonce(push_cert.buf, bogs);
659 }
660 if (!is_null_oid(&push_cert_oid)) {
661 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s",
662 oid_to_hex(&push_cert_oid));
663 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s",
664 sigcheck.signer ? sigcheck.signer : "");
665 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s",
666 sigcheck.key ? sigcheck.key : "");
667 argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c",
668 sigcheck.result);
669 if (push_cert_nonce) {
670 argv_array_pushf(&proc->env_array,
671 "GIT_PUSH_CERT_NONCE=%s",
672 push_cert_nonce);
673 argv_array_pushf(&proc->env_array,
674 "GIT_PUSH_CERT_NONCE_STATUS=%s",
675 nonce_status);
676 if (nonce_status == NONCE_SLOP)
677 argv_array_pushf(&proc->env_array,
678 "GIT_PUSH_CERT_NONCE_SLOP=%ld",
679 nonce_stamp_slop);
680 }
681 }
682}
683
684struct receive_hook_feed_state {
685 struct command *cmd;
686 int skip_broken;
687 struct strbuf buf;
688 const struct string_list *push_options;
689};
690
691typedef int (*feed_fn)(void *, const char **, size_t *);
692static int run_and_feed_hook(const char *hook_name, feed_fn feed,
693 struct receive_hook_feed_state *feed_state)
694{
695 struct child_process proc = CHILD_PROCESS_INIT;
696 struct async muxer;
697 const char *argv[2];
698 int code;
699
700 argv[0] = find_hook(hook_name);
701 if (!argv[0])
702 return 0;
703
704 argv[1] = NULL;
705
706 proc.argv = argv;
707 proc.in = -1;
708 proc.stdout_to_stderr = 1;
709 if (feed_state->push_options) {
710 int i;
711 for (i = 0; i < feed_state->push_options->nr; i++)
712 argv_array_pushf(&proc.env_array,
713 "GIT_PUSH_OPTION_%d=%s", i,
714 feed_state->push_options->items[i].string);
715 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d",
716 feed_state->push_options->nr);
717 } else
718 argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT");
719
720 if (tmp_objdir)
721 argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir));
722
723 if (use_sideband) {
724 memset(&muxer, 0, sizeof(muxer));
725 muxer.proc = copy_to_sideband;
726 muxer.in = -1;
727 code = start_async(&muxer);
728 if (code)
729 return code;
730 proc.err = muxer.in;
731 }
732
733 prepare_push_cert_sha1(&proc);
734
735 code = start_command(&proc);
736 if (code) {
737 if (use_sideband)
738 finish_async(&muxer);
739 return code;
740 }
741
742 sigchain_push(SIGPIPE, SIG_IGN);
743
744 while (1) {
745 const char *buf;
746 size_t n;
747 if (feed(feed_state, &buf, &n))
748 break;
749 if (write_in_full(proc.in, buf, n) < 0)
750 break;
751 }
752 close(proc.in);
753 if (use_sideband)
754 finish_async(&muxer);
755
756 sigchain_pop(SIGPIPE);
757
758 return finish_command(&proc);
759}
760
761static int feed_receive_hook(void *state_, const char **bufp, size_t *sizep)
762{
763 struct receive_hook_feed_state *state = state_;
764 struct command *cmd = state->cmd;
765
766 while (cmd &&
767 state->skip_broken && (cmd->error_string || cmd->did_not_exist))
768 cmd = cmd->next;
769 if (!cmd)
770 return -1; /* EOF */
771 strbuf_reset(&state->buf);
772 strbuf_addf(&state->buf, "%s %s %s\n",
773 oid_to_hex(&cmd->old_oid), oid_to_hex(&cmd->new_oid),
774 cmd->ref_name);
775 state->cmd = cmd->next;
776 if (bufp) {
777 *bufp = state->buf.buf;
778 *sizep = state->buf.len;
779 }
780 return 0;
781}
782
783static int run_receive_hook(struct command *commands,
784 const char *hook_name,
785 int skip_broken,
786 const struct string_list *push_options)
787{
788 struct receive_hook_feed_state state;
789 int status;
790
791 strbuf_init(&state.buf, 0);
792 state.cmd = commands;
793 state.skip_broken = skip_broken;
794 if (feed_receive_hook(&state, NULL, NULL))
795 return 0;
796 state.cmd = commands;
797 state.push_options = push_options;
798 status = run_and_feed_hook(hook_name, feed_receive_hook, &state);
799 strbuf_release(&state.buf);
800 return status;
801}
802
803static int run_update_hook(struct command *cmd)
804{
805 const char *argv[5];
806 struct child_process proc = CHILD_PROCESS_INIT;
807 int code;
808
809 argv[0] = find_hook("update");
810 if (!argv[0])
811 return 0;
812
813 argv[1] = cmd->ref_name;
814 argv[2] = oid_to_hex(&cmd->old_oid);
815 argv[3] = oid_to_hex(&cmd->new_oid);
816 argv[4] = NULL;
817
818 proc.no_stdin = 1;
819 proc.stdout_to_stderr = 1;
820 proc.err = use_sideband ? -1 : 0;
821 proc.argv = argv;
822
823 code = start_command(&proc);
824 if (code)
825 return code;
826 if (use_sideband)
827 copy_to_sideband(proc.err, -1, NULL);
828 return finish_command(&proc);
829}
830
831static int is_ref_checked_out(const char *ref)
832{
833 if (is_bare_repository())
834 return 0;
835
836 if (!head_name)
837 return 0;
838 return !strcmp(head_name, ref);
839}
840
841static char *refuse_unconfigured_deny_msg =
842 N_("By default, updating the current branch in a non-bare repository\n"
843 "is denied, because it will make the index and work tree inconsistent\n"
844 "with what you pushed, and will require 'git reset --hard' to match\n"
845 "the work tree to HEAD.\n"
846 "\n"
847 "You can set the 'receive.denyCurrentBranch' configuration variable\n"
848 "to 'ignore' or 'warn' in the remote repository to allow pushing into\n"
849 "its current branch; however, this is not recommended unless you\n"
850 "arranged to update its work tree to match what you pushed in some\n"
851 "other way.\n"
852 "\n"
853 "To squelch this message and still keep the default behaviour, set\n"
854 "'receive.denyCurrentBranch' configuration variable to 'refuse'.");
855
856static void refuse_unconfigured_deny(void)
857{
858 rp_error("%s", _(refuse_unconfigured_deny_msg));
859}
860
861static char *refuse_unconfigured_deny_delete_current_msg =
862 N_("By default, deleting the current branch is denied, because the next\n"
863 "'git clone' won't result in any file checked out, causing confusion.\n"
864 "\n"
865 "You can set 'receive.denyDeleteCurrent' configuration variable to\n"
866 "'warn' or 'ignore' in the remote repository to allow deleting the\n"
867 "current branch, with or without a warning message.\n"
868 "\n"
869 "To squelch this message, you can set it to 'refuse'.");
870
871static void refuse_unconfigured_deny_delete_current(void)
872{
873 rp_error("%s", _(refuse_unconfigured_deny_delete_current_msg));
874}
875
876static int command_singleton_iterator(void *cb_data, struct object_id *oid);
877static int update_shallow_ref(struct command *cmd, struct shallow_info *si)
878{
879 static struct lock_file shallow_lock;
880 struct oid_array extra = OID_ARRAY_INIT;
881 struct check_connected_options opt = CHECK_CONNECTED_INIT;
882 uint32_t mask = 1 << (cmd->index % 32);
883 int i;
884
885 trace_printf_key(&trace_shallow,
886 "shallow: update_shallow_ref %s\n", cmd->ref_name);
887 for (i = 0; i < si->shallow->nr; i++)
888 if (si->used_shallow[i] &&
889 (si->used_shallow[i][cmd->index / 32] & mask) &&
890 !delayed_reachability_test(si, i))
891 oid_array_append(&extra, &si->shallow->oid[i]);
892
893 opt.env = tmp_objdir_env(tmp_objdir);
894 setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra);
895 if (check_connected(command_singleton_iterator, cmd, &opt)) {
896 rollback_lock_file(&shallow_lock);
897 oid_array_clear(&extra);
898 return -1;
899 }
900
901 commit_lock_file(&shallow_lock);
902
903 /*
904 * Make sure setup_alternate_shallow() for the next ref does
905 * not lose these new roots..
906 */
907 for (i = 0; i < extra.nr; i++)
908 register_shallow(&extra.oid[i]);
909
910 si->shallow_ref[cmd->index] = 0;
911 oid_array_clear(&extra);
912 return 0;
913}
914
915/*
916 * NEEDSWORK: we should consolidate various implementions of "are we
917 * on an unborn branch?" test into one, and make the unified one more
918 * robust. !get_sha1() based check used here and elsewhere would not
919 * allow us to tell an unborn branch from corrupt ref, for example.
920 * For the purpose of fixing "deploy-to-update does not work when
921 * pushing into an empty repository" issue, this should suffice for
922 * now.
923 */
924static int head_has_history(void)
925{
926 struct object_id oid;
927
928 return !get_oid("HEAD", &oid);
929}
930
931static const char *push_to_deploy(unsigned char *sha1,
932 struct argv_array *env,
933 const char *work_tree)
934{
935 const char *update_refresh[] = {
936 "update-index", "-q", "--ignore-submodules", "--refresh", NULL
937 };
938 const char *diff_files[] = {
939 "diff-files", "--quiet", "--ignore-submodules", "--", NULL
940 };
941 const char *diff_index[] = {
942 "diff-index", "--quiet", "--cached", "--ignore-submodules",
943 NULL, "--", NULL
944 };
945 const char *read_tree[] = {
946 "read-tree", "-u", "-m", NULL, NULL
947 };
948 struct child_process child = CHILD_PROCESS_INIT;
949
950 child.argv = update_refresh;
951 child.env = env->argv;
952 child.dir = work_tree;
953 child.no_stdin = 1;
954 child.stdout_to_stderr = 1;
955 child.git_cmd = 1;
956 if (run_command(&child))
957 return "Up-to-date check failed";
958
959 /* run_command() does not clean up completely; reinitialize */
960 child_process_init(&child);
961 child.argv = diff_files;
962 child.env = env->argv;
963 child.dir = work_tree;
964 child.no_stdin = 1;
965 child.stdout_to_stderr = 1;
966 child.git_cmd = 1;
967 if (run_command(&child))
968 return "Working directory has unstaged changes";
969
970 /* diff-index with either HEAD or an empty tree */
971 diff_index[4] = head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX;
972
973 child_process_init(&child);
974 child.argv = diff_index;
975 child.env = env->argv;
976 child.no_stdin = 1;
977 child.no_stdout = 1;
978 child.stdout_to_stderr = 0;
979 child.git_cmd = 1;
980 if (run_command(&child))
981 return "Working directory has staged changes";
982
983 read_tree[3] = sha1_to_hex(sha1);
984 child_process_init(&child);
985 child.argv = read_tree;
986 child.env = env->argv;
987 child.dir = work_tree;
988 child.no_stdin = 1;
989 child.no_stdout = 1;
990 child.stdout_to_stderr = 0;
991 child.git_cmd = 1;
992 if (run_command(&child))
993 return "Could not update working tree to new HEAD";
994
995 return NULL;
996}
997
998static const char *push_to_checkout_hook = "push-to-checkout";
999
1000static const char *push_to_checkout(unsigned char *sha1,
1001 struct argv_array *env,
1002 const char *work_tree)
1003{
1004 argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
1005 if (run_hook_le(env->argv, push_to_checkout_hook,
1006 sha1_to_hex(sha1), NULL))
1007 return "push-to-checkout hook declined";
1008 else
1009 return NULL;
1010}
1011
1012static const char *update_worktree(unsigned char *sha1)
1013{
1014 const char *retval;
1015 const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : "..";
1016 struct argv_array env = ARGV_ARRAY_INIT;
1017
1018 if (is_bare_repository())
1019 return "denyCurrentBranch = updateInstead needs a worktree";
1020
1021 argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir()));
1022
1023 if (!find_hook(push_to_checkout_hook))
1024 retval = push_to_deploy(sha1, &env, work_tree);
1025 else
1026 retval = push_to_checkout(sha1, &env, work_tree);
1027
1028 argv_array_clear(&env);
1029 return retval;
1030}
1031
1032static const char *update(struct command *cmd, struct shallow_info *si)
1033{
1034 const char *name = cmd->ref_name;
1035 struct strbuf namespaced_name_buf = STRBUF_INIT;
1036 static char *namespaced_name;
1037 const char *ret;
1038 struct object_id *old_oid = &cmd->old_oid;
1039 struct object_id *new_oid = &cmd->new_oid;
1040
1041 /* only refs/... are allowed */
1042 if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) {
1043 rp_error("refusing to create funny ref '%s' remotely", name);
1044 return "funny refname";
1045 }
1046
1047 strbuf_addf(&namespaced_name_buf, "%s%s", get_git_namespace(), name);
1048 free(namespaced_name);
1049 namespaced_name = strbuf_detach(&namespaced_name_buf, NULL);
1050
1051 if (is_ref_checked_out(namespaced_name)) {
1052 switch (deny_current_branch) {
1053 case DENY_IGNORE:
1054 break;
1055 case DENY_WARN:
1056 rp_warning("updating the current branch");
1057 break;
1058 case DENY_REFUSE:
1059 case DENY_UNCONFIGURED:
1060 rp_error("refusing to update checked out branch: %s", name);
1061 if (deny_current_branch == DENY_UNCONFIGURED)
1062 refuse_unconfigured_deny();
1063 return "branch is currently checked out";
1064 case DENY_UPDATE_INSTEAD:
1065 ret = update_worktree(new_oid->hash);
1066 if (ret)
1067 return ret;
1068 break;
1069 }
1070 }
1071
1072 if (!is_null_oid(new_oid) && !has_object_file(new_oid)) {
1073 error("unpack should have generated %s, "
1074 "but I can't find it!", oid_to_hex(new_oid));
1075 return "bad pack";
1076 }
1077
1078 if (!is_null_oid(old_oid) && is_null_oid(new_oid)) {
1079 if (deny_deletes && starts_with(name, "refs/heads/")) {
1080 rp_error("denying ref deletion for %s", name);
1081 return "deletion prohibited";
1082 }
1083
1084 if (head_name && !strcmp(namespaced_name, head_name)) {
1085 switch (deny_delete_current) {
1086 case DENY_IGNORE:
1087 break;
1088 case DENY_WARN:
1089 rp_warning("deleting the current branch");
1090 break;
1091 case DENY_REFUSE:
1092 case DENY_UNCONFIGURED:
1093 case DENY_UPDATE_INSTEAD:
1094 if (deny_delete_current == DENY_UNCONFIGURED)
1095 refuse_unconfigured_deny_delete_current();
1096 rp_error("refusing to delete the current branch: %s", name);
1097 return "deletion of the current branch prohibited";
1098 default:
1099 return "Invalid denyDeleteCurrent setting";
1100 }
1101 }
1102 }
1103
1104 if (deny_non_fast_forwards && !is_null_oid(new_oid) &&
1105 !is_null_oid(old_oid) &&
1106 starts_with(name, "refs/heads/")) {
1107 struct object *old_object, *new_object;
1108 struct commit *old_commit, *new_commit;
1109
1110 old_object = parse_object(old_oid);
1111 new_object = parse_object(new_oid);
1112
1113 if (!old_object || !new_object ||
1114 old_object->type != OBJ_COMMIT ||
1115 new_object->type != OBJ_COMMIT) {
1116 error("bad sha1 objects for %s", name);
1117 return "bad ref";
1118 }
1119 old_commit = (struct commit *)old_object;
1120 new_commit = (struct commit *)new_object;
1121 if (!in_merge_bases(old_commit, new_commit)) {
1122 rp_error("denying non-fast-forward %s"
1123 " (you should pull first)", name);
1124 return "non-fast-forward";
1125 }
1126 }
1127 if (run_update_hook(cmd)) {
1128 rp_error("hook declined to update %s", name);
1129 return "hook declined";
1130 }
1131
1132 if (is_null_oid(new_oid)) {
1133 struct strbuf err = STRBUF_INIT;
1134 if (!parse_object(old_oid)) {
1135 old_oid = NULL;
1136 if (ref_exists(name)) {
1137 rp_warning("Allowing deletion of corrupt ref.");
1138 } else {
1139 rp_warning("Deleting a non-existent ref.");
1140 cmd->did_not_exist = 1;
1141 }
1142 }
1143 if (ref_transaction_delete(transaction,
1144 namespaced_name,
1145 old_oid,
1146 0, "push", &err)) {
1147 rp_error("%s", err.buf);
1148 strbuf_release(&err);
1149 return "failed to delete";
1150 }
1151 strbuf_release(&err);
1152 return NULL; /* good */
1153 }
1154 else {
1155 struct strbuf err = STRBUF_INIT;
1156 if (shallow_update && si->shallow_ref[cmd->index] &&
1157 update_shallow_ref(cmd, si))
1158 return "shallow error";
1159
1160 if (ref_transaction_update(transaction,
1161 namespaced_name,
1162 new_oid, old_oid,
1163 0, "push",
1164 &err)) {
1165 rp_error("%s", err.buf);
1166 strbuf_release(&err);
1167
1168 return "failed to update ref";
1169 }
1170 strbuf_release(&err);
1171
1172 return NULL; /* good */
1173 }
1174}
1175
1176static void run_update_post_hook(struct command *commands)
1177{
1178 struct command *cmd;
1179 struct child_process proc = CHILD_PROCESS_INIT;
1180 const char *hook;
1181
1182 hook = find_hook("post-update");
1183 if (!hook)
1184 return;
1185
1186 for (cmd = commands; cmd; cmd = cmd->next) {
1187 if (cmd->error_string || cmd->did_not_exist)
1188 continue;
1189 if (!proc.args.argc)
1190 argv_array_push(&proc.args, hook);
1191 argv_array_push(&proc.args, cmd->ref_name);
1192 }
1193 if (!proc.args.argc)
1194 return;
1195
1196 proc.no_stdin = 1;
1197 proc.stdout_to_stderr = 1;
1198 proc.err = use_sideband ? -1 : 0;
1199
1200 if (!start_command(&proc)) {
1201 if (use_sideband)
1202 copy_to_sideband(proc.err, -1, NULL);
1203 finish_command(&proc);
1204 }
1205}
1206
1207static void check_aliased_update(struct command *cmd, struct string_list *list)
1208{
1209 struct strbuf buf = STRBUF_INIT;
1210 const char *dst_name;
1211 struct string_list_item *item;
1212 struct command *dst_cmd;
1213 int flag;
1214
1215 strbuf_addf(&buf, "%s%s", get_git_namespace(), cmd->ref_name);
1216 dst_name = resolve_ref_unsafe(buf.buf, 0, NULL, &flag);
1217 strbuf_release(&buf);
1218
1219 if (!(flag & REF_ISSYMREF))
1220 return;
1221
1222 if (!dst_name) {
1223 rp_error("refusing update to broken symref '%s'", cmd->ref_name);
1224 cmd->skip_update = 1;
1225 cmd->error_string = "broken symref";
1226 return;
1227 }
1228 dst_name = strip_namespace(dst_name);
1229
1230 if ((item = string_list_lookup(list, dst_name)) == NULL)
1231 return;
1232
1233 cmd->skip_update = 1;
1234
1235 dst_cmd = (struct command *) item->util;
1236
1237 if (!oidcmp(&cmd->old_oid, &dst_cmd->old_oid) &&
1238 !oidcmp(&cmd->new_oid, &dst_cmd->new_oid))
1239 return;
1240
1241 dst_cmd->skip_update = 1;
1242
1243 rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
1244 " its target '%s' (%s..%s)",
1245 cmd->ref_name,
1246 find_unique_abbrev(&cmd->old_oid, DEFAULT_ABBREV),
1247 find_unique_abbrev(&cmd->new_oid, DEFAULT_ABBREV),
1248 dst_cmd->ref_name,
1249 find_unique_abbrev(&dst_cmd->old_oid, DEFAULT_ABBREV),
1250 find_unique_abbrev(&dst_cmd->new_oid, DEFAULT_ABBREV));
1251
1252 cmd->error_string = dst_cmd->error_string =
1253 "inconsistent aliased update";
1254}
1255
1256static void check_aliased_updates(struct command *commands)
1257{
1258 struct command *cmd;
1259 struct string_list ref_list = STRING_LIST_INIT_NODUP;
1260
1261 for (cmd = commands; cmd; cmd = cmd->next) {
1262 struct string_list_item *item =
1263 string_list_append(&ref_list, cmd->ref_name);
1264 item->util = (void *)cmd;
1265 }
1266 string_list_sort(&ref_list);
1267
1268 for (cmd = commands; cmd; cmd = cmd->next) {
1269 if (!cmd->error_string)
1270 check_aliased_update(cmd, &ref_list);
1271 }
1272
1273 string_list_clear(&ref_list, 0);
1274}
1275
1276static int command_singleton_iterator(void *cb_data, struct object_id *oid)
1277{
1278 struct command **cmd_list = cb_data;
1279 struct command *cmd = *cmd_list;
1280
1281 if (!cmd || is_null_oid(&cmd->new_oid))
1282 return -1; /* end of list */
1283 *cmd_list = NULL; /* this returns only one */
1284 oidcpy(oid, &cmd->new_oid);
1285 return 0;
1286}
1287
1288static void set_connectivity_errors(struct command *commands,
1289 struct shallow_info *si)
1290{
1291 struct command *cmd;
1292
1293 for (cmd = commands; cmd; cmd = cmd->next) {
1294 struct command *singleton = cmd;
1295 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1296
1297 if (shallow_update && si->shallow_ref[cmd->index])
1298 /* to be checked in update_shallow_ref() */
1299 continue;
1300
1301 opt.env = tmp_objdir_env(tmp_objdir);
1302 if (!check_connected(command_singleton_iterator, &singleton,
1303 &opt))
1304 continue;
1305
1306 cmd->error_string = "missing necessary objects";
1307 }
1308}
1309
1310struct iterate_data {
1311 struct command *cmds;
1312 struct shallow_info *si;
1313};
1314
1315static int iterate_receive_command_list(void *cb_data, struct object_id *oid)
1316{
1317 struct iterate_data *data = cb_data;
1318 struct command **cmd_list = &data->cmds;
1319 struct command *cmd = *cmd_list;
1320
1321 for (; cmd; cmd = cmd->next) {
1322 if (shallow_update && data->si->shallow_ref[cmd->index])
1323 /* to be checked in update_shallow_ref() */
1324 continue;
1325 if (!is_null_oid(&cmd->new_oid) && !cmd->skip_update) {
1326 oidcpy(oid, &cmd->new_oid);
1327 *cmd_list = cmd->next;
1328 return 0;
1329 }
1330 }
1331 *cmd_list = NULL;
1332 return -1; /* end of list */
1333}
1334
1335static void reject_updates_to_hidden(struct command *commands)
1336{
1337 struct strbuf refname_full = STRBUF_INIT;
1338 size_t prefix_len;
1339 struct command *cmd;
1340
1341 strbuf_addstr(&refname_full, get_git_namespace());
1342 prefix_len = refname_full.len;
1343
1344 for (cmd = commands; cmd; cmd = cmd->next) {
1345 if (cmd->error_string)
1346 continue;
1347
1348 strbuf_setlen(&refname_full, prefix_len);
1349 strbuf_addstr(&refname_full, cmd->ref_name);
1350
1351 if (!ref_is_hidden(cmd->ref_name, refname_full.buf))
1352 continue;
1353 if (is_null_oid(&cmd->new_oid))
1354 cmd->error_string = "deny deleting a hidden ref";
1355 else
1356 cmd->error_string = "deny updating a hidden ref";
1357 }
1358
1359 strbuf_release(&refname_full);
1360}
1361
1362static int should_process_cmd(struct command *cmd)
1363{
1364 return !cmd->error_string && !cmd->skip_update;
1365}
1366
1367static void warn_if_skipped_connectivity_check(struct command *commands,
1368 struct shallow_info *si)
1369{
1370 struct command *cmd;
1371 int checked_connectivity = 1;
1372
1373 for (cmd = commands; cmd; cmd = cmd->next) {
1374 if (should_process_cmd(cmd) && si->shallow_ref[cmd->index]) {
1375 error("BUG: connectivity check has not been run on ref %s",
1376 cmd->ref_name);
1377 checked_connectivity = 0;
1378 }
1379 }
1380 if (!checked_connectivity)
1381 BUG("connectivity check skipped???");
1382}
1383
1384static void execute_commands_non_atomic(struct command *commands,
1385 struct shallow_info *si)
1386{
1387 struct command *cmd;
1388 struct strbuf err = STRBUF_INIT;
1389
1390 for (cmd = commands; cmd; cmd = cmd->next) {
1391 if (!should_process_cmd(cmd))
1392 continue;
1393
1394 transaction = ref_transaction_begin(&err);
1395 if (!transaction) {
1396 rp_error("%s", err.buf);
1397 strbuf_reset(&err);
1398 cmd->error_string = "transaction failed to start";
1399 continue;
1400 }
1401
1402 cmd->error_string = update(cmd, si);
1403
1404 if (!cmd->error_string
1405 && ref_transaction_commit(transaction, &err)) {
1406 rp_error("%s", err.buf);
1407 strbuf_reset(&err);
1408 cmd->error_string = "failed to update ref";
1409 }
1410 ref_transaction_free(transaction);
1411 }
1412 strbuf_release(&err);
1413}
1414
1415static void execute_commands_atomic(struct command *commands,
1416 struct shallow_info *si)
1417{
1418 struct command *cmd;
1419 struct strbuf err = STRBUF_INIT;
1420 const char *reported_error = "atomic push failure";
1421
1422 transaction = ref_transaction_begin(&err);
1423 if (!transaction) {
1424 rp_error("%s", err.buf);
1425 strbuf_reset(&err);
1426 reported_error = "transaction failed to start";
1427 goto failure;
1428 }
1429
1430 for (cmd = commands; cmd; cmd = cmd->next) {
1431 if (!should_process_cmd(cmd))
1432 continue;
1433
1434 cmd->error_string = update(cmd, si);
1435
1436 if (cmd->error_string)
1437 goto failure;
1438 }
1439
1440 if (ref_transaction_commit(transaction, &err)) {
1441 rp_error("%s", err.buf);
1442 reported_error = "atomic transaction failed";
1443 goto failure;
1444 }
1445 goto cleanup;
1446
1447failure:
1448 for (cmd = commands; cmd; cmd = cmd->next)
1449 if (!cmd->error_string)
1450 cmd->error_string = reported_error;
1451
1452cleanup:
1453 ref_transaction_free(transaction);
1454 strbuf_release(&err);
1455}
1456
1457static void execute_commands(struct command *commands,
1458 const char *unpacker_error,
1459 struct shallow_info *si,
1460 const struct string_list *push_options)
1461{
1462 struct check_connected_options opt = CHECK_CONNECTED_INIT;
1463 struct command *cmd;
1464 struct iterate_data data;
1465 struct async muxer;
1466 int err_fd = 0;
1467
1468 if (unpacker_error) {
1469 for (cmd = commands; cmd; cmd = cmd->next)
1470 cmd->error_string = "unpacker error";
1471 return;
1472 }
1473
1474 if (use_sideband) {
1475 memset(&muxer, 0, sizeof(muxer));
1476 muxer.proc = copy_to_sideband;
1477 muxer.in = -1;
1478 if (!start_async(&muxer))
1479 err_fd = muxer.in;
1480 /* ...else, continue without relaying sideband */
1481 }
1482
1483 data.cmds = commands;
1484 data.si = si;
1485 opt.err_fd = err_fd;
1486 opt.progress = err_fd && !quiet;
1487 opt.env = tmp_objdir_env(tmp_objdir);
1488 if (check_connected(iterate_receive_command_list, &data, &opt))
1489 set_connectivity_errors(commands, si);
1490
1491 if (use_sideband)
1492 finish_async(&muxer);
1493
1494 reject_updates_to_hidden(commands);
1495
1496 if (run_receive_hook(commands, "pre-receive", 0, push_options)) {
1497 for (cmd = commands; cmd; cmd = cmd->next) {
1498 if (!cmd->error_string)
1499 cmd->error_string = "pre-receive hook declined";
1500 }
1501 return;
1502 }
1503
1504 /*
1505 * Now we'll start writing out refs, which means the objects need
1506 * to be in their final positions so that other processes can see them.
1507 */
1508 if (tmp_objdir_migrate(tmp_objdir) < 0) {
1509 for (cmd = commands; cmd; cmd = cmd->next) {
1510 if (!cmd->error_string)
1511 cmd->error_string = "unable to migrate objects to permanent storage";
1512 }
1513 return;
1514 }
1515 tmp_objdir = NULL;
1516
1517 check_aliased_updates(commands);
1518
1519 free(head_name_to_free);
1520 head_name = head_name_to_free = resolve_refdup("HEAD", 0, NULL, NULL);
1521
1522 if (use_atomic)
1523 execute_commands_atomic(commands, si);
1524 else
1525 execute_commands_non_atomic(commands, si);
1526
1527 if (shallow_update)
1528 warn_if_skipped_connectivity_check(commands, si);
1529}
1530
1531static struct command **queue_command(struct command **tail,
1532 const char *line,
1533 int linelen)
1534{
1535 struct object_id old_oid, new_oid;
1536 struct command *cmd;
1537 const char *refname;
1538 int reflen;
1539 const char *p;
1540
1541 if (parse_oid_hex(line, &old_oid, &p) ||
1542 *p++ != ' ' ||
1543 parse_oid_hex(p, &new_oid, &p) ||
1544 *p++ != ' ')
1545 die("protocol error: expected old/new/ref, got '%s'", line);
1546
1547 refname = p;
1548 reflen = linelen - (p - line);
1549 FLEX_ALLOC_MEM(cmd, ref_name, refname, reflen);
1550 oidcpy(&cmd->old_oid, &old_oid);
1551 oidcpy(&cmd->new_oid, &new_oid);
1552 *tail = cmd;
1553 return &cmd->next;
1554}
1555
1556static void queue_commands_from_cert(struct command **tail,
1557 struct strbuf *push_cert)
1558{
1559 const char *boc, *eoc;
1560
1561 if (*tail)
1562 die("protocol error: got both push certificate and unsigned commands");
1563
1564 boc = strstr(push_cert->buf, "\n\n");
1565 if (!boc)
1566 die("malformed push certificate %.*s", 100, push_cert->buf);
1567 else
1568 boc += 2;
1569 eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len);
1570
1571 while (boc < eoc) {
1572 const char *eol = memchr(boc, '\n', eoc - boc);
1573 tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
1574 boc = eol ? eol + 1 : eoc;
1575 }
1576}
1577
1578static struct command *read_head_info(struct oid_array *shallow)
1579{
1580 struct command *commands = NULL;
1581 struct command **p = &commands;
1582 for (;;) {
1583 char *line;
1584 int len, linelen;
1585
1586 line = packet_read_line(0, &len);
1587 if (!line)
1588 break;
1589
1590 if (len > 8 && starts_with(line, "shallow ")) {
1591 struct object_id oid;
1592 if (get_oid_hex(line + 8, &oid))
1593 die("protocol error: expected shallow sha, got '%s'",
1594 line + 8);
1595 oid_array_append(shallow, &oid);
1596 continue;
1597 }
1598
1599 linelen = strlen(line);
1600 if (linelen < len) {
1601 const char *feature_list = line + linelen + 1;
1602 if (parse_feature_request(feature_list, "report-status"))
1603 report_status = 1;
1604 if (parse_feature_request(feature_list, "side-band-64k"))
1605 use_sideband = LARGE_PACKET_MAX;
1606 if (parse_feature_request(feature_list, "quiet"))
1607 quiet = 1;
1608 if (advertise_atomic_push
1609 && parse_feature_request(feature_list, "atomic"))
1610 use_atomic = 1;
1611 if (advertise_push_options
1612 && parse_feature_request(feature_list, "push-options"))
1613 use_push_options = 1;
1614 }
1615
1616 if (!strcmp(line, "push-cert")) {
1617 int true_flush = 0;
1618 char certbuf[1024];
1619
1620 for (;;) {
1621 len = packet_read(0, NULL, NULL,
1622 certbuf, sizeof(certbuf), 0);
1623 if (!len) {
1624 true_flush = 1;
1625 break;
1626 }
1627 if (!strcmp(certbuf, "push-cert-end\n"))
1628 break; /* end of cert */
1629 strbuf_addstr(&push_cert, certbuf);
1630 }
1631
1632 if (true_flush)
1633 break;
1634 continue;
1635 }
1636
1637 p = queue_command(p, line, linelen);
1638 }
1639
1640 if (push_cert.len)
1641 queue_commands_from_cert(p, &push_cert);
1642
1643 return commands;
1644}
1645
1646static void read_push_options(struct string_list *options)
1647{
1648 while (1) {
1649 char *line;
1650 int len;
1651
1652 line = packet_read_line(0, &len);
1653
1654 if (!line)
1655 break;
1656
1657 string_list_append(options, line);
1658 }
1659}
1660
1661static const char *parse_pack_header(struct pack_header *hdr)
1662{
1663 switch (read_pack_header(0, hdr)) {
1664 case PH_ERROR_EOF:
1665 return "eof before pack header was fully read";
1666
1667 case PH_ERROR_PACK_SIGNATURE:
1668 return "protocol error (pack signature mismatch detected)";
1669
1670 case PH_ERROR_PROTOCOL:
1671 return "protocol error (pack version unsupported)";
1672
1673 default:
1674 return "unknown error in parse_pack_header";
1675
1676 case 0:
1677 return NULL;
1678 }
1679}
1680
1681static const char *pack_lockfile;
1682
1683static void push_header_arg(struct argv_array *args, struct pack_header *hdr)
1684{
1685 argv_array_pushf(args, "--pack_header=%"PRIu32",%"PRIu32,
1686 ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries));
1687}
1688
1689static const char *unpack(int err_fd, struct shallow_info *si)
1690{
1691 struct pack_header hdr;
1692 const char *hdr_err;
1693 int status;
1694 struct child_process child = CHILD_PROCESS_INIT;
1695 int fsck_objects = (receive_fsck_objects >= 0
1696 ? receive_fsck_objects
1697 : transfer_fsck_objects >= 0
1698 ? transfer_fsck_objects
1699 : 0);
1700
1701 hdr_err = parse_pack_header(&hdr);
1702 if (hdr_err) {
1703 if (err_fd > 0)
1704 close(err_fd);
1705 return hdr_err;
1706 }
1707
1708 if (si->nr_ours || si->nr_theirs) {
1709 alt_shallow_file = setup_temporary_shallow(si->shallow);
1710 argv_array_push(&child.args, "--shallow-file");
1711 argv_array_push(&child.args, alt_shallow_file);
1712 }
1713
1714 tmp_objdir = tmp_objdir_create();
1715 if (!tmp_objdir) {
1716 if (err_fd > 0)
1717 close(err_fd);
1718 return "unable to create temporary object directory";
1719 }
1720 child.env = tmp_objdir_env(tmp_objdir);
1721
1722 /*
1723 * Normally we just pass the tmp_objdir environment to the child
1724 * processes that do the heavy lifting, but we may need to see these
1725 * objects ourselves to set up shallow information.
1726 */
1727 tmp_objdir_add_as_alternate(tmp_objdir);
1728
1729 if (ntohl(hdr.hdr_entries) < unpack_limit) {
1730 argv_array_push(&child.args, "unpack-objects");
1731 push_header_arg(&child.args, &hdr);
1732 if (quiet)
1733 argv_array_push(&child.args, "-q");
1734 if (fsck_objects)
1735 argv_array_pushf(&child.args, "--strict%s",
1736 fsck_msg_types.buf);
1737 if (max_input_size)
1738 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1739 (uintmax_t)max_input_size);
1740 child.no_stdout = 1;
1741 child.err = err_fd;
1742 child.git_cmd = 1;
1743 status = run_command(&child);
1744 if (status)
1745 return "unpack-objects abnormal exit";
1746 } else {
1747 char hostname[HOST_NAME_MAX + 1];
1748
1749 argv_array_pushl(&child.args, "index-pack", "--stdin", NULL);
1750 push_header_arg(&child.args, &hdr);
1751
1752 if (xgethostname(hostname, sizeof(hostname)))
1753 xsnprintf(hostname, sizeof(hostname), "localhost");
1754 argv_array_pushf(&child.args,
1755 "--keep=receive-pack %"PRIuMAX" on %s",
1756 (uintmax_t)getpid(),
1757 hostname);
1758
1759 if (!quiet && err_fd)
1760 argv_array_push(&child.args, "--show-resolving-progress");
1761 if (use_sideband)
1762 argv_array_push(&child.args, "--report-end-of-input");
1763 if (fsck_objects)
1764 argv_array_pushf(&child.args, "--strict%s",
1765 fsck_msg_types.buf);
1766 if (!reject_thin)
1767 argv_array_push(&child.args, "--fix-thin");
1768 if (max_input_size)
1769 argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX,
1770 (uintmax_t)max_input_size);
1771 child.out = -1;
1772 child.err = err_fd;
1773 child.git_cmd = 1;
1774 status = start_command(&child);
1775 if (status)
1776 return "index-pack fork failed";
1777 pack_lockfile = index_pack_lockfile(child.out);
1778 close(child.out);
1779 status = finish_command(&child);
1780 if (status)
1781 return "index-pack abnormal exit";
1782 reprepare_packed_git(the_repository);
1783 }
1784 return NULL;
1785}
1786
1787static const char *unpack_with_sideband(struct shallow_info *si)
1788{
1789 struct async muxer;
1790 const char *ret;
1791
1792 if (!use_sideband)
1793 return unpack(0, si);
1794
1795 use_keepalive = KEEPALIVE_AFTER_NUL;
1796 memset(&muxer, 0, sizeof(muxer));
1797 muxer.proc = copy_to_sideband;
1798 muxer.in = -1;
1799 if (start_async(&muxer))
1800 return NULL;
1801
1802 ret = unpack(muxer.in, si);
1803
1804 finish_async(&muxer);
1805 return ret;
1806}
1807
1808static void prepare_shallow_update(struct command *commands,
1809 struct shallow_info *si)
1810{
1811 int i, j, k, bitmap_size = DIV_ROUND_UP(si->ref->nr, 32);
1812
1813 ALLOC_ARRAY(si->used_shallow, si->shallow->nr);
1814 assign_shallow_commits_to_refs(si, si->used_shallow, NULL);
1815
1816 si->need_reachability_test =
1817 xcalloc(si->shallow->nr, sizeof(*si->need_reachability_test));
1818 si->reachable =
1819 xcalloc(si->shallow->nr, sizeof(*si->reachable));
1820 si->shallow_ref = xcalloc(si->ref->nr, sizeof(*si->shallow_ref));
1821
1822 for (i = 0; i < si->nr_ours; i++)
1823 si->need_reachability_test[si->ours[i]] = 1;
1824
1825 for (i = 0; i < si->shallow->nr; i++) {
1826 if (!si->used_shallow[i])
1827 continue;
1828 for (j = 0; j < bitmap_size; j++) {
1829 if (!si->used_shallow[i][j])
1830 continue;
1831 si->need_reachability_test[i]++;
1832 for (k = 0; k < 32; k++)
1833 if (si->used_shallow[i][j] & (1U << k))
1834 si->shallow_ref[j * 32 + k]++;
1835 }
1836
1837 /*
1838 * true for those associated with some refs and belong
1839 * in "ours" list aka "step 7 not done yet"
1840 */
1841 si->need_reachability_test[i] =
1842 si->need_reachability_test[i] > 1;
1843 }
1844
1845 /*
1846 * keep hooks happy by forcing a temporary shallow file via
1847 * env variable because we can't add --shallow-file to every
1848 * command. check_everything_connected() will be done with
1849 * true .git/shallow though.
1850 */
1851 setenv(GIT_SHALLOW_FILE_ENVIRONMENT, alt_shallow_file, 1);
1852}
1853
1854static void update_shallow_info(struct command *commands,
1855 struct shallow_info *si,
1856 struct oid_array *ref)
1857{
1858 struct command *cmd;
1859 int *ref_status;
1860 remove_nonexistent_theirs_shallow(si);
1861 if (!si->nr_ours && !si->nr_theirs) {
1862 shallow_update = 0;
1863 return;
1864 }
1865
1866 for (cmd = commands; cmd; cmd = cmd->next) {
1867 if (is_null_oid(&cmd->new_oid))
1868 continue;
1869 oid_array_append(ref, &cmd->new_oid);
1870 cmd->index = ref->nr - 1;
1871 }
1872 si->ref = ref;
1873
1874 if (shallow_update) {
1875 prepare_shallow_update(commands, si);
1876 return;
1877 }
1878
1879 ALLOC_ARRAY(ref_status, ref->nr);
1880 assign_shallow_commits_to_refs(si, NULL, ref_status);
1881 for (cmd = commands; cmd; cmd = cmd->next) {
1882 if (is_null_oid(&cmd->new_oid))
1883 continue;
1884 if (ref_status[cmd->index]) {
1885 cmd->error_string = "shallow update not allowed";
1886 cmd->skip_update = 1;
1887 }
1888 }
1889 free(ref_status);
1890}
1891
1892static void report(struct command *commands, const char *unpack_status)
1893{
1894 struct command *cmd;
1895 struct strbuf buf = STRBUF_INIT;
1896
1897 packet_buf_write(&buf, "unpack %s\n",
1898 unpack_status ? unpack_status : "ok");
1899 for (cmd = commands; cmd; cmd = cmd->next) {
1900 if (!cmd->error_string)
1901 packet_buf_write(&buf, "ok %s\n",
1902 cmd->ref_name);
1903 else
1904 packet_buf_write(&buf, "ng %s %s\n",
1905 cmd->ref_name, cmd->error_string);
1906 }
1907 packet_buf_flush(&buf);
1908
1909 if (use_sideband)
1910 send_sideband(1, 1, buf.buf, buf.len, use_sideband);
1911 else
1912 write_or_die(1, buf.buf, buf.len);
1913 strbuf_release(&buf);
1914}
1915
1916static int delete_only(struct command *commands)
1917{
1918 struct command *cmd;
1919 for (cmd = commands; cmd; cmd = cmd->next) {
1920 if (!is_null_oid(&cmd->new_oid))
1921 return 0;
1922 }
1923 return 1;
1924}
1925
1926int cmd_receive_pack(int argc, const char **argv, const char *prefix)
1927{
1928 int advertise_refs = 0;
1929 struct command *commands;
1930 struct oid_array shallow = OID_ARRAY_INIT;
1931 struct oid_array ref = OID_ARRAY_INIT;
1932 struct shallow_info si;
1933
1934 struct option options[] = {
1935 OPT__QUIET(&quiet, N_("quiet")),
1936 OPT_HIDDEN_BOOL(0, "stateless-rpc", &stateless_rpc, NULL),
1937 OPT_HIDDEN_BOOL(0, "advertise-refs", &advertise_refs, NULL),
1938 OPT_HIDDEN_BOOL(0, "reject-thin-pack-for-testing", &reject_thin, NULL),
1939 OPT_END()
1940 };
1941
1942 packet_trace_identity("receive-pack");
1943
1944 argc = parse_options(argc, argv, prefix, options, receive_pack_usage, 0);
1945
1946 if (argc > 1)
1947 usage_msg_opt(_("Too many arguments."), receive_pack_usage, options);
1948 if (argc == 0)
1949 usage_msg_opt(_("You must specify a directory."), receive_pack_usage, options);
1950
1951 service_dir = argv[0];
1952
1953 setup_path();
1954
1955 if (!enter_repo(service_dir, 0))
1956 die("'%s' does not appear to be a git repository", service_dir);
1957
1958 git_config(receive_pack_config, NULL);
1959 if (cert_nonce_seed)
1960 push_cert_nonce = prepare_push_cert_nonce(service_dir, time(NULL));
1961
1962 if (0 <= transfer_unpack_limit)
1963 unpack_limit = transfer_unpack_limit;
1964 else if (0 <= receive_unpack_limit)
1965 unpack_limit = receive_unpack_limit;
1966
1967 switch (determine_protocol_version_server()) {
1968 case protocol_v1:
1969 /*
1970 * v1 is just the original protocol with a version string,
1971 * so just fall through after writing the version string.
1972 */
1973 if (advertise_refs || !stateless_rpc)
1974 packet_write_fmt(1, "version 1\n");
1975
1976 /* fallthrough */
1977 case protocol_v0:
1978 break;
1979 case protocol_unknown_version:
1980 BUG("unknown protocol version");
1981 }
1982
1983 if (advertise_refs || !stateless_rpc) {
1984 write_head_info();
1985 }
1986 if (advertise_refs)
1987 return 0;
1988
1989 if ((commands = read_head_info(&shallow)) != NULL) {
1990 const char *unpack_status = NULL;
1991 struct string_list push_options = STRING_LIST_INIT_DUP;
1992
1993 if (use_push_options)
1994 read_push_options(&push_options);
1995 if (!check_cert_push_options(&push_options)) {
1996 struct command *cmd;
1997 for (cmd = commands; cmd; cmd = cmd->next)
1998 cmd->error_string = "inconsistent push options";
1999 }
2000
2001 prepare_shallow_info(&si, &shallow);
2002 if (!si.nr_ours && !si.nr_theirs)
2003 shallow_update = 0;
2004 if (!delete_only(commands)) {
2005 unpack_status = unpack_with_sideband(&si);
2006 update_shallow_info(commands, &si, &ref);
2007 }
2008 use_keepalive = KEEPALIVE_ALWAYS;
2009 execute_commands(commands, unpack_status, &si,
2010 &push_options);
2011 if (pack_lockfile)
2012 unlink_or_warn(pack_lockfile);
2013 if (report_status)
2014 report(commands, unpack_status);
2015 run_receive_hook(commands, "post-receive", 1,
2016 &push_options);
2017 run_update_post_hook(commands);
2018 string_list_clear(&push_options, 0);
2019 if (auto_gc) {
2020 const char *argv_gc_auto[] = {
2021 "gc", "--auto", "--quiet", NULL,
2022 };
2023 struct child_process proc = CHILD_PROCESS_INIT;
2024
2025 proc.no_stdin = 1;
2026 proc.stdout_to_stderr = 1;
2027 proc.err = use_sideband ? -1 : 0;
2028 proc.git_cmd = 1;
2029 proc.argv = argv_gc_auto;
2030
2031 close_all_packs(the_repository->objects);
2032 if (!start_command(&proc)) {
2033 if (use_sideband)
2034 copy_to_sideband(proc.err, -1, NULL);
2035 finish_command(&proc);
2036 }
2037 }
2038 if (auto_update_server_info)
2039 update_server_info(0);
2040 clear_shallow_info(&si);
2041 }
2042 if (use_sideband)
2043 packet_flush(1);
2044 oid_array_clear(&shallow);
2045 oid_array_clear(&ref);
2046 free((void *)push_cert_nonce);
2047 return 0;
2048}